Hackers that gain access to email accounts, using methods such as phishing, don’t just steal data and go.

According to a report by Barracuda Networks published today, 33% instead remain in accounts for over a week, finding the best way to maximise its takeover.

This can include impersonating the account owner or collecting login details to sell on.

The report found that the latter approach is becoming an “increasingly specialised” field, with 31% of account compromises analysed in the report seeing the initial attackers gaining access, before selling on the login details to a second set of cybercriminals who find ways to monetise it.

“Cybercriminals are getting stealthier and finding new ways to remain undetected in compromised accounts for long periods of time so they can maximize the ways they can exploit the account, whether that means selling the credentials or using the access themselves,” said Don MacLennan, SVP engineering, Email Protection at Barracuda.

Email hackers: The illicit and growing industry

The report, which saw researchers assess compromised accounts across 111 organisations, has found that email hackers are not rogue actors so much as part of an increasingly sophisticated and specialised economy.

Email hackers are using a mixture of tactics to gain access to accounts, before finding ways to may money off that access, either by selling the login details on or identifying data or other means to profit.

Access is being achieved through a mixture of spear phishing, spear phishing and brand impersonation, but data from existing breaches can also be utilised.

Barracuda found that 20% of compromised accounts are in at least one password data breach, which indicates that email hackers are taking advantage of the unwise but common practice of reusing passwords across different work and personal accounts.

For businesses, while this may all sound concerning, its valuable insight that can guide future cybersecurity efforts.

“Being informed about attacker behavior will help organisations put the proper protection in place,” says MacLennan, “so they can defend against these types of attacks and respond quickly if an account is compromised.”


Read more: How to spot spear phishing and protect your business from costly attacks